
67-327: Web Application Security

Carnegie Mellon University
Fall 2017 - Professor Heimann

This is a technical course designed to help students learn how to exploit web applications and, as developers, to be better able to defend against such exploits. The course covers the process of hacking a web application, starting with initial mapping and analysis, followed by identifying common logic flaws in web apps, database and network exploits, command and SQL injection, and the like. This hands-on course requires students to be familiar with at least one popular web application framework or language (such as Ruby on Rails, PHP, Django/Python, ASP.NET or the like).

At the end of this course, students should be able to:

  1. identify key problems in web application security
  2. identify core defense mechanisms
  3. identify specific vulnerabilities in a given web application
  4. plan and execute a successful attack against a specific vulnerability
  5. harden defenses in response to a specific vulnerability

Links at the top of the page direct students to the relevant course materials (schedule, course and program policies, and project assignments) being used for the Fall 2017 semester in Pittsburgh. The general policies link points to the policies adopted by the IS Program; all of them will be adhered to in this course. Information on this site is relevant only for the Fall 2017 semester.